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REMARKS 



By this Amendment, claims 1, 18, 73, 74 and 127 have been amended without any 
intention of narrowing the scope of any of the claims and not in response to any rejections. 
Claims 1, 18-21, 72-84 and 109-131 are pending in this patent application. Reconsideration 
of the rejections in view of the remarks below is requested. 

The Office Action rejected claims 79, 82-84 and 1 12-1 14 under 35 U.S.C. §102(b) as 
being anticipated by U.S. Patent No. 5,214,702 to Fischer ("Fischer"). Applicant respectfully 
traverses the rejection, without prejudice. 

Applicant submits that the cited portions of Fischer fail to at least disclose a method 
of enforcing a security policy in a cryptographic system, said policy including controlling use 
of a public key, said method comprising providing a recipient with a message containing 
rules of said system and with a secure device containing an inactive form of said public key, 
wherein said public key cannot be obtained from said device, and, in response to said 
recipient digitally signing said message, activating said public key in said secure device, as 
recited in claim 79. 

The Office Action refers to col. 12, lines 53-60 and col. 14, lines 26-39 of Fischer as 

disclosing providing a recipient with a message containing rules of said system and with a 

secure device containing an inactive form of said public key, wherein said public key cannot 

be obtained from said device, as recited in claim 79. Col. 12, lines 53-50 of Fischer provides: 

When a party B in a ladder of certifications creates an authorizing 
certificate for party A, the certificate includes a specification of A's 
identity together with A's public encryption signature/key. Additionally, 
the certificate indicates the authority, capabilities and limitations which B 
wishes to grant A. By granting this certificate B explicitly assumes 
responsibility for both A's identity and authority. 

Further, col. 14, lines 26-39 of Fischer provides: 

Additionally, if utilized in an organization, dealing with extremely 
sensitive business or military information, clearance levels may also be 
defined in the certificate. In this fashion, a certificate may specify the 
exact security level of the person who authorized a signed message. 

Additionally, each certification may specify the monetary limit, 
i.e., the maximum amount of money value which the certifiee is 
authorized to deal with. The monetary limit must not of course exceed the 
limit in the certifier's own certificate to insure that the certifier does not 
delegate more than he is allowed to handle. Such a limitation is easily 
enforced when a recipient receives the set of certificates. 
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First, Applicant respectfully submits that the Office Action has failed to establish that 
these cited portions of Fischer disclose a message containing rules of a system. There is not 
even if a reference to rules, let alone rules of a system in those cited portions. 

Applicant respectfully submits that the Office Action also has failed to establish that 
these cited portions of Fischer disclose a secure device containing an inactive form of said 

public key. Even if there were a disclosure to a secure device in these cited portions of 

j 

Fischer (which Applicant does not concede), there is no reference to an inactive form of a 
public key. At most there is merely a reference to a public key. 

Further, even if the Office Action had established that the cited portions of Fischer 
disclosed a secure device containing an inactive form of said public key (which Applicant 
does not concede), the Office Action has failed to establish that these Cited portions of 
Fischer disclose that the public key cannot be obtained from the device. There seems to be no 
reference to the public key in those cited portions of Fischer not being obtainable from a 
device. 

The Office Action then refers to col. 18, lines 46-64 and col. 19, line 67 to col. 20, 
line 67 of Fischer as disclosing, in response to said recipient digitally signing said message, 
activating said public key in said secure device, as recited in claim 79. Col 12, lines 53-50 
provide that: 

Having selected his own certificate with which to sign A's 
certificate, B at 106 utilizes the certificate 108 with the associated public 
key 1 10 to create a signature of a new certificate 1 12. As in FIG. 2, the 
signature is created using an object (A's certificate 116) and a certificate 
(B's certificate 108). B's secret private key is utilized in the decrypt 
operation to create the signature 1 12 of the new certificate 1 16 and the 
signature packet 1 14 of B f s signature becomes part of A's new certificate 
packet. 

Focusing on the certificate for A which is constructed using 
information about A specified by B, B builds the certificate by utilizing 
the public aspect of A's public key as provided by A via line 103. B also 
sets forth A's full name, A's title and other important statistics such as his 
address, and telephone number. B may also include a comment to go with 
the certification which will be available to any person in the future who 
needs to examine A's certificate. 

Further, col. 14, lines 26-39 provide that: 

B additionally incorporates his own public key has into the 
certificate which identifies B as the primary sponsor of A's certificate. As 
the creator of A's certificate, it is contemplated that B will have the 
authority to cancel A's certificate. B may also designate other parties who 
may sign A's certificate to grant various types of authority to A. 

Other fields may be included in the certificate. For example, the 
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current date and time which reflects the moment of the initial creation of 
the certificate. As indicated in FIG. 5, the complete certificate consists of a 
certificate packet with includes the certificate 1 16 for A and the signature 
packet 114 of B's signature to A's certificate. 

B's signature and the hierarchy of all certificates and signatures 
which validate it are kept by A and sent along whenever A uses his 
certificate. It is contemplated that B or other parties may create several 
certificates for A. For example, one certificate might allow A to reliably 
identify himself with no further designated authority. Another certificate 
might allow authorization to A of certain limited money amounts without 
requiring any cosignatures. A third might allow authorization for larger 
amounts but require one or more cosignatures. Still another might allow A 
to subcertify other persons according to still different money and/or 
authority limitations and/ or co-signature specifications. 

Assuming that B has created a certificate for A as shown in FIG. 5, 
if B requires no cosigners then the certificate is complete. However, the 
certificate which empowered B to create A's certificate may have required 
that B have cosigners. There may be one or more joint signature and/or 
counter signature requirements. 

FIG. 6 exemplifies the steps taken by party C to jointly certify the 
certificate of A. The requirement to have a joint signer would be specified 
in B's own certificate. In this case, a transmitted object (in this case A's 
new certificate) signed with B's certificate would be rejected by a recipient 
if C's joint signature is not also present on the object. 

As shown in FIG. 6, if such a joint signature is required, a copy of 
B's certificate for A is sent (120) to C who must jointly sign the certificate 
(132). C then (122) examines A's certificate and verifies that the public 
key of the certificate actually belongs to A in accordance with process 
outlined in conjunction with FIG. 3. 

C then examines the signed attributes and authorizations set forth 
in the certificate including the assigned monetary level, trust level, etc. C 
then, upon concluding that all the fields in B's certificate for A are 
appropriate, selects his own certificate with which to perform the signature 
126. With his own certificate 128, C signs B's certificate of A 132 (130). 
Once C signs his certificate his signature appears essentially parallel with 
B's signature and any other cosigners as shown at 134 and 136 of FIG. 6, 
Thus, it is important that C exercise as much caution as B when approving 
A's certificate. Once A's certificate is created no cosigner may change the 
certificate for to do so would create essentially a different object to which 
none of the previous signatures would apply. If C does not approve the 
certificate he must avoid signing it, and should have a different certificate 
constructed and re-signed by all necessary parties. After C adds his joint 
certificate to B's certificate of A, A's certificate packet consists of the 
certificate for A 132, B's signature packet for A's certificate 134 and 
finally C's signature packet for A's certificate 136. 

Even if the cited portions of Fischer disclosed something occurring in response to a 
recipient digitally signing the message as claimed (which Applicant does not concede), 
Applicant respectfully submits that the Office Action has failed to establish that these cited 
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portions of Fischer disclose activating said public key in said secure device. There is not even 
a reference to activating a public key in these cited portions, let alone activating a public key 
in a secure device. 

Therefore, for at least the above reasons, the cited portions of Fischer fail to disclose 
all the features recited by claim 79. Claims 82-84 and 112-114 depend from claim 79 and are 
thus patentable at least for the same reasons as claim 79, as well as for the additional features 
recited therein. As a result, Applicant respectfully submits that the rejection under 35 U.S.C. 
§ 102(b) of claims 79, 82-84 and 1 12-1 14 based on Fischer should be withdrawn and the 
claims be allowed. 

All rejections having been addressed, it is respectfully submitted that the present 
application is in condition for allowance. If questions relating to patentability remain, the 
Examiner is invited to contact the undersigned to discuss them. 

Should any fees be due, please charge them to our deposit account no. 03-3975, under 
our order no. 061047/0264493. The Commissioner for Patents is also authorized to credit any 
over payments to the above-referenced deposit account. 



Respectfully submitted, 




PILLSBURV\WINTHROP SHAW PITTMAN LLP 



P. O. Box 10500 
McLean, VA 22102 
(703) 770-7900 
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